I need to setup a alert to send notification when users access Solarwinds can this be done?
The base principle here is: "If the data is in the DB then you should be able to extract it".We use a fairly simple query that runs in a report to show the last x days of audit events. This is not because we are being all 'big brother' about it, but the audit logs stores a lot more info than just logins or outs.. However, due to the way Solarwinds don't have a proper RBAC solution, then to prevent giving everyone full admin rights we set up a bunch of reports. This way, they can run a report to see when precisely an event happened or something was done.This is not something we've done, but I suspect the following is a good starting place:
I think this would work too. Or you could setup a report to e-mail you once a day with a historical list of logins for the day.
That's my plan
SELECT DISTINCT(data.Accountid) as Account--, data.AuditEventMessage, max(data.TimeLoggedUtc) as latesttimeFROM orion.auditingevents AS dataWHERE 1=1AND [data].[ActionTypeID] = 1GROUP by data.AccountID--, data.AuditEventMessageORDER BY data.AccountID ascWITH NOLOCKAdd a time where of your choice
Yup 100% this is what we do, and IMO works far better than trying to configure an alert for it.
Our report is this:
SELECT AE.AuditEventID ,AE.AuditingActionType.ActionTypeDisplayName AS [Audit Action] ,AE.AccountID ,AE.AuditEventMessage AS [Audit Event] ,AE.TimeLoggedUtcFROM Orion.AuditingEvents AS AE
